Internet security is challenging, and the types of threats computers are exposed to are rapidly increasing. Software infecting computers is commonly known as malware. Malware types include examples such as worms, bankers, proxy, DDoS, password stealers, fake anti-virus, spammers, downloaders and the like.
The term ‘worms’ is given to self-replicating malware which uses a computer network to send copies of itself to other computers on the network. The term ‘bankers’ is given to malware which steals banking information.
The term ‘proxy’ is given to malware which sets the infected computer as a proxy between other computers (for example as used for Fast Flux and the like). The term ‘DoS’ is given to malware which is used for Denial-of-Service attack against websites or networks.
The term ‘password stealers’ is given to malware which steals any type of information.
The term ‘Fake Anti-Virus’ is given to malware which misleads users into paying for a fake removal of malware.
The term ‘Spammers’ is given to malware which uses an infected computer to send spam emails.
The term ‘Downloaders’ is given to malware which downloads other malware to an infected computer.
Malware types may be differentiated according to criteria such as self-distribution, point of control, data stealing, level of protection and the like. The self-distribution is the capability of the malware to spread itself to other computers. Point of control refers to the capability of the malware to be controlled by a central remove server, for example its vulnerability to receiving commands, sending information, automatic updating and the like. Data stealing refers to the capability of the malware to send information from the computer to a remote server.
The level of protection of malware refers to the systems put into place by the malware author in order to decrease detection by end point security products, such as anti-virus software, malware detection software, and the like, and gateway protection software, such as firewalls and the like. For example, some malware is designed to be polymorphic, for example changing executable signature, while maintaining the malware payload. Some malware may use encryption of the network communication between the malware and a drop zone at a criminal server.
Cyber criminals use different methods to infect machines with malware. Examples include the social engineering, exploitation of specific vulnerabilities, use of exploit kits, distribution of email attachment and the like.
Social engineering is one method for deceiving users into downloading malware. In one example a website which offers to show a video. In in order to view the video the user is required to download software purporting to be an update for commonly used software such as Adobe Flash or the like. In reality the update is an executable file installing malware onto the host.
Specific vulnerability may be identified and exploited, certain malicious webpages, for example, exploit known vulnerabilities of a browser, application or operating system in order to install the malware surreptitiously.
Exploit kits are a collections of exploits traded in the underground, and used by cyber criminals to increase the probability of installing the malware surreptitiously.
Email attachments are often used to distribute malware to unsuspecting recipients. For example, executable files may be attached to spam email or email purporting to be from a member of the user's contact list. A botnet generally comprises a set of malware infected computers, or bots, all connected to a common criminal sever, also known as a bot server, or a bot server set comprising a plurality of bot servers. The bot server or bot server set may include a command and control module, which is able to control all the infected computers, an update module which updates the malware code in the infected computers, and a drop zone for collecting data received from the infected computers.